Author

Topic: Passport wallet vs trezor 1 or trezor 2. (Read 268 times)

legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
December 03, 2023, 10:43:20 AM
#18
After careful thought I grabbed a trezor 3️⃣ .

My 1 and my 2 are good.

I also have a safepal for the business.
hero member
Activity: 714
Merit: 1298
November 27, 2023, 12:46:15 PM
#17
For instance, the open source Electrum wallet, up to version 4.3.4 (January 26, 2023), which replaced the QR library, had a QR-relevant-vulnerability that potentially could open a  door to hackers.

This was demonstrated by Eric Michaud in his video presentation on SEC-T 2022. (watch from 18:00).
It's not the best video demonstration and a bit hard to follow what he is doing. But the end result is that he retrieved the private key somehow by manipulating the command prompt window.

He said that the Electrum  problem was related to the bad  BIP70 implementation and demonstrated  how their malicious QR exploit can be  used to easily  catch the authentication token  when connecting to  user's system which, in turn,  allows  to get access to user's wallet. Some of his slides refer to CVE - 2022 -31246 details of which can be found here.

More about   QR-related vector attack on  "old" (< 4.2.2 ) Electrum is here.
In 4.3.4 they fully replaced qrlibrary.

Btw, is that QR code on the right one of the Electrum wallet's private keys or what is it?

I don't think that QR shows Electrum wallet private key. Probably that  QR directs to slido.com (URL is shown on their slides near QR itself).

But, if you ask about QR shown on picture below

Quote

then, he told,  this is their QR which encompasses  exploit,
legendary
Activity: 2730
Merit: 7065
November 27, 2023, 11:33:13 AM
#16
For instance, the open source Electrum wallet, up to version 4.3.4 (January 26, 2023), which replaced the QR library, had a QR-relevant-vulnerability that potentially could open a  door to hackers.

This was demonstrated by Eric Michaud in his video presentation on SEC-T 2022. (watch from 18:00).
It's not the best video demonstration and a bit hard to follow what he is doing. But the end result is that he retrieved the private key somehow by manipulating the command prompt window. Btw, is that QR code on the right one of the Electrum wallet's private keys or what is it?
hero member
Activity: 714
Merit: 1298
November 27, 2023, 05:50:56 AM
#15
...and I prefer QR code which is malware resistant.
I am not sure of any active malware threats that target displayed QR codes,

They may be  developed (or already exist)  due to the  lack of integrity in wallets' code combined with flaws in QR libraries they use.

For instance, the open source Electrum wallet, up to version 4.3.4 (January 26, 2023), which replaced the QR library, had a QR-relevant-vulnerability that potentially could open a  door to hackers.

This was demonstrated by Eric Michaud in his video presentation on SEC-T 2022. (watch from 18:00).
legendary
Activity: 2212
Merit: 7064
October 31, 2023, 02:43:25 PM
#14
who has tested passport wallet and compared it to trezor?
You can't really compare this hardware wallets, because Passport is new generation airgapped device and they have secure element, unlike old trezor wallets.
Don't get me wrong, but if there is nothing wrong with your current hardware wallets than I don't see why you would nee to buy third one, unless you are gadget addict like me  Cheesy
I know several people who use new Passport device only for bitcoin and they are very happy with it.

I have unable to see any information about its durability, but I believe it is as durable as Trezor hardware wallets if not more. Also that it is not what that would be carried about but kept in a safe place.
I don't have any Passport destruction videos but I am sure it wouldn't survive hit with a hammer.
However, it is made from premium materials, it has metal parts and it should be easier to use than bot trezor devices, but don't expect ip water protection and gorilla glass from Passport.


legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 31, 2023, 01:03:42 PM
#13
Perhaps new generation crypto-malware will have the capability to attack certain wallets directly and not replace an address in the clipboard. An infected wallet will show the wrong address in the software (addresses tab, new receiving addresses, etc.). Perhaps it's going to be a type of master public key replacer instead of a clipboard malware that replaces your zpub with another one.
Malware can affect the clipboard, it can monitor the screen, it can be a keylogger and the likes, but I do not think there would be a malware that can affect a wallet directly in this way unless the vulnerability is added to the wallet's code. If you download the right wallet after you verify the PGP key, I do not think this would be possible. But best to always avoid malware.

If it is about Passport wallet, do not forget that the wallet on desktops is a watch-only wallet. If it is an unsigned transaction from the senders desktop wallet and it is still QR code, it can not be manipulated. What I think more about this is clipboard malware which is not possible if QR code is used.

In that case, you would scan the wrong address and notice the difference on the hardware wallet screen if you check it.
It is true that the address should be rechecked.
legendary
Activity: 2730
Merit: 7065
October 31, 2023, 11:56:19 AM
#12
QR code offer a better means of signing PBST (I mean unsigned transactions), which is far more secure. QR code is resistant to malware in the sense that you do not have to copy anything to clipboard to paste. Clipboard malware can change the address to a hackers address, but if nothing is copied to clipboard but displayed directly, no address will change to a hacker's address.
Perhaps new generation crypto-malware will have the capability to attack certain wallets directly and not replace an address in the clipboard. An infected wallet will show the wrong address in the software (addresses tab, new receiving addresses, etc.). Perhaps it's going to be a type of master public key replacer instead of a clipboard malware that replaces your zpub with another one. In that case, you would scan the wrong address and notice the difference on the hardware wallet screen if you check it.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 31, 2023, 11:46:45 AM
#11
I am not sure of any active malware threats that target displayed QR codes, but we shouldn't consider anything 100% safe and let our guard down. A QR code is just a graphical representation (in the form of a code) of an address). If the address represented in the code is correct, so is the QR code. If it's wrong, you would be scanning the wrong address. As satscraper mentioned, nothing beats checking and double-checking everything manually before confirming a transaction.
QR code offers a better means of signing PBST (I mean unsigned transactions), which is far more secure. QR code is resistant to malware in the sense that you do not have to copy anything to clipboard to paste. Clipboard malware can change the address to a hackers address, but if nothing is copied to clipboard but displayed directly, no address will change to a hacker's address.

If going for the most secure way, that does not mean someone should not still be careful. If I want to make bitcoin transaction, I check some first few characters, some middle characters and the last 5 characters. That is how I have been doing it.
legendary
Activity: 2730
Merit: 7065
October 31, 2023, 11:33:53 AM
#10
...and I prefer QR code which is malware resistant.
I am not sure of any active malware threats that target displayed QR codes, but we shouldn't consider anything 100% safe and let our guard down. A QR code is just a graphical representation (in the form of a code) of an address). If the address represented in the code is correct, so is the QR code. If it's wrong, you would be scanning the wrong address. As satscraper mentioned, nothing beats checking and double-checking everything manually before confirming a transaction.
hero member
Activity: 714
Merit: 1298
October 31, 2023, 04:40:34 AM
#9
I prefer QR code which is malware resistant.

Pairing and further communication via QR code is also my preference when working with Passport 2, however I don't think that QR generated, let's say Sparrow is  malware resistant. If Sparrow is compromised malware is capable to substitute genuine QR code by inserting , for instance, the false destination  address for payment. Thus it is always better to check twice the details of transaction you have to  sign with Passport device.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 30, 2023, 06:05:56 PM
#8
Electrum doesn't allow pairing Passport  via QR code, contrary to Sparrow.
I did not know until now. Sparrow has been a good alternative to Electum. It is better if it is used with Sparrow because to be inserting microSD card into computer and Passport hardware wallet device would be annoying, and I prefer QR code which is malware resistant. Probably the problem is from Electrum not supporting blockchain commons' UR1.0 or UR2.0 standard for splitting data into multiple QR codes. I saw a complaint about it which has been since 2021:

https://github.com/Foundation-Devices/passport-firmware/issues/3
hero member
Activity: 714
Merit: 1298
October 30, 2023, 01:07:03 PM
#7
who has tested passport wallet and compared it to trezor?

https://foundationdevices.com/passport/

I was thinking of buying one.

I have trezor 1
and trezor 2


how are they for durability? they look well made.

I'm an active user of Passport 2 since the mid of May and published here on forum  dozens  of  points&tips relevant to its usage. Just look at my history.

You won't be sorry of buying it. Passport 2 has the solid case with the metal inner frame.  The plastic around this frame  is thick and doesn't look like the cheap stuff. The back lid which coves battery compartment is a tight-fitting cap hold by  small but strong  magnets. I like such design.

If you are a fan of signing your transaction with QR code, passport is the best option of hardware wallet that you can go for. You can use it with wallet like Electrum. It is an airgapped hardware wallet and completely open source. The most reputed wallet recommended by the members of this forum as of now.

Electrum doesn't allow pairing Passport  via QR code, contrary to Sparrow.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 29, 2023, 05:44:03 PM
#6
Looking for youtube demos on it.

Also looking on a way to buy it.

https://youtu.be/ukCkgQcAdYw?si=tsGxEle8s21D47Jq

You can buy it from the official website. The link on the OP: https://foundationdevices.com/passport/

Edit:
Maybe this could be helpful: https://youtube.com/@foundationdevices?si=FnLKWMZfO9dRdZFn
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
October 29, 2023, 05:33:55 PM
#5
how are they for durability? they look well made.
I have unable to see any information about its durability, but I believe it is as durable as Trezor hardware wallets if not more. Also that it is not what that would be carried about but kept in a safe place.

Looking for youtube demos on it.

Also looking on a way to buy it.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 29, 2023, 04:00:32 PM
#4
how are they for durability? they look well made.
I have unable to see any information about its durability, but I believe it is as durable as Trezor hardware wallets if not more. Also that it is not what that would be carried about but kept in a safe place.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
October 29, 2023, 03:41:32 PM
#3
If you are a fan of signing your transaction with QR code, passport is the best option of hardware wallet that you can go for. You can use it with wallet like Electrum. It is an airgapped hardware wallet and completely open source. The most reputed wallet recommended by the members of this forum as of now.

So it photos the code and does its thing.

how are they for durability? they look well made.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 29, 2023, 01:11:46 PM
#2
If you are a fan of signing your transaction with QR code, passport is the best option of hardware wallet that you can go for. You can use it with wallet like Electrum. It is an airgapped hardware wallet and completely open source. The most reputed wallet recommended by the members of this forum as of now.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
October 29, 2023, 12:46:53 PM
#1
who has tested passport wallet and compared it to trezor?

https://foundationdevices.com/passport/

I was thinking of buying one.

I have trezor 1
and trezor 2
Jump to: